syslogd problems

Kevin Stevens groups at pursued-with.net
Mon Jun 7 19:01:55 PDT 2004


Ok, I'm tired of this.  Can anyone help me with the OS X syslogd 
program and syslogd.conf?  Please start with where the hell I can find 
accurate documentation:

> fffinch:~ kes$ which syslogd
> /usr/sbin/syslogd
>
> fffinch:~ kes$ syslogd -?
> usage: syslogd [-46Acdknosuv] [-a allowed_peer]
>                [-b bind address] [-f config_file]
>                [-l log_socket] [-m mark_interval]
>                [-P pid_file] [-p log_socket]
>
> fffinch:~ kes$ ps -aux | grep syslog
> root       78   0.0  0.0    18092    236  ??  Ss    7:12PM   0:07.29 /usr/sbin/syslogd -s -m 0

The man page syslogd(8) references only the following subset of options:

>      -d      Enable debugging to the standard output, and do not disassociate
>              from the controlling terminal.
>
>      -f      Specify the pathname of an alternate configuration file; the
>              default is /etc/syslog.conf.
>
>      -m      Select the number of minutes between ``mark'' messages; the
>              default is 20 minutes.
>
>      -u      Select the historical ``insecure'' mode, in which syslogd will
>              accept input from the UDP port.  Some software wants this, but
>              you can be subjected to a variety of attacks over the network,
>              including attackers remotely filling logs.
>
>      -p      Specify the pathname of an alternate log socket; the default is
>              /dev/log.

I want to log syslog entries from a different device to my G5 (10.3.4).
I can eventually get syslog info to be accepted and logged by killing
syslogd and restarting it with the -u option.  However, in both my and 
a friend's experience, doing so will cause the machine to become 
totally unresponsive to mouse, keyboard, or remote access within 24-48 
hours.  Leaving a 'top' session running doesn't show any obvious 
problems with memory, processes, or CPU when this happens.

A separate issue is that I don't see an obvious way to restart syslogd 
with different options without hacking around in the system rc script, 
which I'm loath to do for best practice reasons.

Any assistance appreciated!

KeS


